Data Breach in the Healthcare Sector

Factor Analysis Table

| Factors (Internal and External) | Potential Impact of Identified Factor on the Organization | Strategies to Minimize or Control Factor's Impact |
|---|---|---|
| Youth moving out to seek better opportunities (External) | Lack of potential workforce in the future and potential nursing shortage. Such an issue is relevant for smaller towns, where youth tend to acquire education and continue working in bigger cities. | Cooperating with colleges and universities to attract young professionals from other areas. |
| Epidemic (External) | Risk of not being able to provide the best service to all patients. The example of the COVID-19 pandemic showed how vulnerable healthcare organizations and the industry in general are to the threat of a pandemic. | Creating an emergency plan to prepare the workforce for increased workloads and having a developed action plan for epidemic emergencies. |
| Data breach (External) | A data breach may lead to the loss of valuable or confidential patient information. Cyber threats are some of the newest issues in the healthcare industry, as many hackers target healthcare organizations as easy victims (Byrd, 2019). Yet, healthcare organizations operate with very important clients who want to remain incognito or conceal their condition. | Investing in the development of advanced data protection systems and developing protocols that minimize the risk of a breach. |
| Phishing (External) | Loss of clients or financial losses due to employees' misconduct. Healthcare organizations can become victims of phishing because of the valuable patient data they possess (Byrd, 2019). In addition, some employees may use corporate email for their private messages. | Training staff to use the Internet responsibly, creating an internal system of websites and tools that is protected from external agents. Warning clients about the correct ways of interacting with the facility. |
| Lack of funding and resources (External) | Inability to provide high-quality care and meet the needs of the patients. Many healthcare organizations struggle financially to cover their needs and the needs of the patients. | Cooperating with other healthcare facilities, seeking support from governmental organizations or non-profit organizations. |
| Violations of the medical code of conduct by employees (Internal) | Loss of reputation, possible legal consequences depending on the case. | Assigning supervisory and controlling roles to some of the personnel. |
| Interns not wanting to continue working for the organization (Internal) | Could lead to a nursing shortage. Attracting young talent is essential for the proper functioning and development of healthcare organizations. | Assigning the best professional to supervise and motivate interns to seek improvement and growth. |
| Ineffective management (Internal) | Delays, poor quality of service, burned-out employees. Burnout is one of the leading causes of nursing shortage, as nurses are more likely to quit their job or under-perform because of the emotional damage. | Hiring capable managers, ensuring that they adhere to the organization's values, using positive and negative reinforcement to achieve better performance. |
| A group of workers who are often late for work and meetings (Internal) | Bad discipline and lack of motivation among personnel who are punctual. If the issue is not addressed, employees will not take their job and the organization seriously. | Creating a system of warnings and penalties to prevent systematic late arrivals. |
| The equipment in the organization becoming outdated (Internal) | Loss of reputation, possible mistakes in the work of the equipment. Mistakes could lead to wrong diagnoses, which is unacceptable for any healthcare organization. | Seeking funding for constant updates of the most important equipment. |

Suggested Plan

Healthcare providers are ethically and legally obligated to protect the confidentiality of their patients' medical records. However, as noted by Seh et al. (2020), there has been an increase in the number and extent of reported data breaches in healthcare over the last few years. According to Seh et al. (2020), this is due to many factors, one of which is breach reporting becoming mandatory in 2009. Another factor is the ease with which the healthcare sector can be penetrated. Finally, there is an abundance of confidential personal information in patients' medical records that is available and accessible to offenders. Known cases of healthcare data breaches need to be analyzed in order to create a framework that recognizes and evaluates the risks and vulnerabilities of the organization and to prepare an action plan. There are three categories in which the largest number of breaches occur: portable device breach, insider breach, and physical breach (Seh et al., 2020). Each of these categories needs its own risk management framework so that the specific risks connected to it can be avoided, reduced, or transferred.

Portable device breach occurs when a smartphone, laptop, personal digital assistant (PDA), or any other portable device is discarded, lost, or stolen. The ever-growing variety of devices capable of storing electronic protected health information (ePHI) creates corresponding loss opportunities. Seh et al. (2020) recommend that all devices be pre-approved and that healthcare providers take an inventory of the approved devices and the data stored on them. All devices must be protected by screen saver passwords and automatic log-offs after a specified period of time. Strong passwords are to be employed on each device and changed periodically, and a device lock is to occur after a number of failed login attempts. In addition, ePHI data on portable devices must be encrypted, and all encryption/decryption keys must be approved regarding complexity. Device software is to be configured for automatic updates as new releases and patches become available. Finally, all data must be periodically backed up on company servers or with cloud providers.
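The portable-device controls above can be checked mechanically against a device inventory. The following is an added example, not part of the original paper or of Seh et al. (2020); the field names, the sample devices, and every numeric threshold are assumptions, since the text names the controls without giving values.

```python
from datetime import date

# Policy thresholds are assumptions for this example; the text gives no numbers.
POLICY = {"max_idle_lock_min": 15, "max_failed_logins": 5,
          "max_password_age_days": 90, "max_backup_age_days": 7}

# Constructed sample inventory (hypothetical devices and field names).
INVENTORY = [
    {"id": "LAP-001", "approved": True, "stores_ephi": True, "encrypted": True,
     "idle_lock_min": 10, "failed_login_lock": 5, "password_set": date(2024, 5, 1),
     "auto_update": True, "last_backup": date(2024, 5, 28)},
    {"id": "PHN-014", "approved": True, "stores_ephi": True, "encrypted": False,
     "idle_lock_min": None, "failed_login_lock": 10, "password_set": date(2023, 11, 2),
     "auto_update": True, "last_backup": date(2024, 4, 1)},
    {"id": "TAB-007", "approved": False, "stores_ephi": False, "encrypted": True,
     "idle_lock_min": 5, "failed_login_lock": 5, "password_set": date(2024, 4, 20),
     "auto_update": False, "last_backup": date(2024, 5, 30)},
]

def audit_device(dev, today, policy=POLICY):
    """Return the list of control failures for one inventory record."""
    findings = []
    if not dev["approved"]:
        findings.append("not pre-approved")
    if dev["stores_ephi"] and not dev["encrypted"]:
        findings.append("ePHI stored unencrypted")
    idle = dev["idle_lock_min"]  # None means no automatic log-off is configured
    if idle is None or idle > policy["max_idle_lock_min"]:
        findings.append("no automatic log-off within policy window")
    lock = dev["failed_login_lock"]  # None means the device never locks
    if lock is None or lock > policy["max_failed_logins"]:
        findings.append("failed-login lock missing or too lenient")
    if (today - dev["password_set"]).days > policy["max_password_age_days"]:
        findings.append("password overdue for change")
    if not dev["auto_update"]:
        findings.append("automatic updates disabled")
    if (today - dev["last_backup"]).days > policy["max_backup_age_days"]:
        findings.append("backup stale")
    return findings

def audit_inventory(inventory, today):
    """Map device id -> findings, listing only non-compliant devices."""
    report = {d["id"]: audit_device(d, today) for d in inventory}
    return {dev_id: f for dev_id, f in report.items() if f}

if __name__ == "__main__":
    for dev_id, findings in audit_inventory(INVENTORY, date(2024, 6, 1)).items():
        print(dev_id, "->", "; ".join(findings))
```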

Insider breach occurs when employees or contractors with ePHI access intentionally breach it. As per Seh et al. (2020), to reduce the risk of this occurring, first of all, there must be complete background checks for all employees entering the organization. Authorized insiders are to be provided full access to ePHI only as required, and this access is to be restricted with multiple passwords for files, fields, and folders. There is to be separation of duties among staff, and user access is to be restricted on the basis of employees' roles and responsibilities. Moreover, 2- or 3-factor authentication is to be used for system access. Camera records, system and building access, and other electronic sources are to be reviewed to verify individual use and access. Finally, system access for those leaving the organization is to be immediately terminated, with all devices immediately returned.
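The review of system access described above can be run as a correlation between an ePHI access log and the staff roster. The following is an added example, not part of the original paper or of Seh et al. (2020); the log format, user names, roles, and role-to-category mapping are all constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample data; names, roles and log format are hypothetical.
ROSTER = {  # user -> (role, termination timestamp or None)
    "akhan": ("nurse", None),
    "bsmith": ("billing", None),
    "cjones": ("nurse", datetime(2024, 5, 31, 17, 0)),
}
ROLE_SCOPE = {  # record categories each role may open (assumed mapping)
    "nurse": {"chart", "medication"},
    "billing": {"invoice"},
}
ACCESS_LOG = """\
timestamp,user,category,patient_id,mfa
2024-06-01T08:02:11,akhan,chart,P-1001,yes
2024-06-01T08:15:40,bsmith,chart,P-1001,yes
2024-06-01T09:30:05,cjones,medication,P-2040,yes
2024-06-01T10:12:59,akhan,medication,P-1001,no
2024-06-01T11:00:00,dlee,chart,P-3000,yes
"""

def review_access(log_text, roster=ROSTER, role_scope=ROLE_SCOPE):
    """Return (line_no, user, reason) for each log entry that needs follow-up."""
    findings = []
    # Line 1 of the log is the CSV header, so data rows start at line 2.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(log_text)), start=2):
        user, when = row["user"], datetime.fromisoformat(row["timestamp"])
        if user not in roster:
            findings.append((line_no, user, "unknown account"))
            continue
        role, terminated = roster[user]
        # Access for leavers should have been terminated immediately.
        if terminated is not None and when >= terminated:
            findings.append((line_no, user, "access after termination"))
        # Access is restricted by role and responsibility.
        if row["category"] not in role_scope.get(role, set()):
            findings.append((line_no, user, "outside role scope"))
        # System access requires multi-factor authentication.
        if row["mfa"].strip().lower() != "yes":
            findings.append((line_no, user, "no multi-factor authentication"))
    return findings

if __name__ == "__main__":
    for finding in review_access(ACCESS_LOG):
        print(finding)
```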

Physical breach occurs in the case of non-electronic records, mainly paper documents such as health records, tapes, or receipts being discarded, lost, or stolen. According to Seh et al. (2020), to attempt to prevent it from happening, PHI is to be shredded and put into secure bins. Employees should be taught to secure PHI and keep it on them at all times, not leaving it anywhere in plain sight. Furthermore, contractors with PHI access are to be subject to regular audits, and contracts are to include responsibility and liability for PHI breaches. Finally, medical facilities’ physical location is to be examined in relation to past incidents of burglary and insecurity in the general area.

In conclusion, data breach in healthcare is an issue that has become extremely prevalent in the last few years and needs to be addressed. A set of measures relating to each of the three categories (portable device, insider, and physical breach) is intended to reduce the risks related to the handling of patients' medical information. The frameworks of prevention measures discussed in this paper are a key factor of a risk management program in all of healthcare and, as a consequence, in ensuring healthcare system security.

References

Byrd, D. (2019). Cyber Threats in Healthcare Industry: Recognizing the Significance of Cybersecurity (Publication No: 22621946) (Master’s thesis, Utica College). Proquest

Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare, 8(2), 1-18.
